Equifax Breach Fallout Shows the Need for Better Cybersecurity

The fallout from the Equifax hack that affected 145.5 million people offers valuable lessons, both for Equifax itself and for the industry at large, on preventing similar incidents before they happen.

The number of affected people was earlier placed at 143 million, but it rose by 2.5 million to 145.5 million, according to a statement Equifax posted on its website on October 2, 2017.

Equifax said in the statement:

“The completed review determined that approximately 2.5 million additional US consumers were potentially impacted, for a total of 145.5 million. Mandiant did not identify any evidence of additional or new attacker activity or any access to new databases or tables. Instead, this additional population of consumers was confirmed during Mandiant's completion of the remaining investigative tasks and quality assurance procedures built into the investigative process.”

Mandiant, the company hired by Equifax to investigate the breach, earlier said it happened from May to July this year.

A public relations issue?

Equifax’s admission that an additional 2.5 million people were affected by the breach does little to save its public image, especially if one takes into account that its executives dumped their stockholdings right after the breach was discovered.

The Equifax breach can provide valuable lessons on how the industry can avoid costly mistakes. In addition to the public relations problem stemming from the breach, Equifax is facing a $70 billion lawsuit.

There were initial reports that a defect in Apache Struts may have caused the breach, but no official findings from Equifax can confirm that yet.

Paulino do Rego Barros Jr, interim CEO, states:

“The completed review also has concluded that there is no evidence the attackers accessed databases located outside of the United States.”

With Equifax not yet disclosing definite findings on what caused the breach, analysts and experts from marketing, as well as security experts, are looking into what other security measures (i.e., better VPN security and disaster recovery) should have been in place to prevent a similar incident at other organizations.

